service account does not have storage.objects.get access for Google Cloud Storage

python google-cloud-platform google-cloud-storage service-accounts
56,005

Solution 1

The problem was apparently that the service account was associated with too many roles, perhaps as a results of previous configuration attempts.

These steps resolved the issue:

  • removed all (three) roles for the offending service account (member) my_sa under IAM & Admin / IAM
  • deleted my_sa under IAM & Admin / Service accounts
  • recreated my_sa (again with role Storage / Storage Admin)

Effects are like this:

  • my_sa shows up with one role (Storage Admin) under IAM & Admin / IAM
  • my_sa shows up as member under Storage / Browser / my_bucket / Edit bucket permissions

Solution 2

It's worth to note, that you need to wait a minute or something for permissions to be working in case you just assigned them. At least that's what happened to me after:

gcloud projects add-iam-policy-binding xxx --member
"serviceAccount:[email protected]" --role "roles/storage.objectViewer"

Solution 3

Go to your bucket's permissions section and open add permissions section for your bucket. For example, insufficient service, which gcloud tells you, is;

[email protected]

Add this service as user then give these roles;

  • Cloud Storage - Storage Admin
  • Cloud Storage - Storage Object Admin
  • Cloud Storage - Storage Object Creator

Then you should have sufficient permissions to make changes on your bucket.

Share:
56,005
Drux
Author by

Drux

Updated on July 09, 2022

Comments

  • Drux
    Drux almost 2 years

    I have created a service account in Google Cloud Console and selected role Storage / Storage Admin (i.e. full control of GCS resources).

    gcloud projects get-iam-policy my_project seems to indicate that the role was actually selected:

    - members:
  - serviceAccount:my_sa@my_project.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - serviceAccount:my_sa@my_project.iam.gserviceaccount.com
  role: roles/storage.objectAdmin
- members:
  - serviceAccount:my_sa@my_project.iam.gserviceaccount.com
  role: roles/storage.objectCreator

    And documentation clearly indicates that role roles/storage.admin comprises permissions storage.objects.* (as well as storage.buckets.*).

    But when I try using that service account in conjunction with the Google Cloud Storage Client Library for Python, I receive this error message:

    my_sa@my_project.iam.gserviceaccount.com does not have storage.objects.get access to my_project/my_bucket.

    So why would the selected role not be sufficient in this context?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Access denied (SA doesn't have storage.objects.create access) when trying to upload using a preSigned url to google cloud storage
How to get a download URL for files in Google Cloud Storage?
User does not have storage.objects.list access to bucket
Write a Pandas DataFrame to Google Cloud Storage or BigQuery
How to upload a file to Google Cloud Storage on Python 3?
Read csv from Google Cloud storage to pandas dataframe
How to write query result to Google Cloud Storage bucket directly?
How can I access a file of storage with dart Google Storage API
GCP Deployment Manager: 403 does not have storage.buckets.get access
How to run Google gsutil using Python